package com.wfg.myshiro.config;

import com.wfg.myshiro.realm.MyRealm;
import com.wfg.myshiro.realm.MyRealm1;
import com.wfg.myshiro.realm.MyRealm2;
import org.apache.shiro.mgt.SecurityManager;
import org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor;
import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

import java.util.LinkedHashMap;
import java.util.Map;

/**
 * myshiro 配置类 作用类似于spring的配置文件
 *
 * @Title: com.wfg.myshiro.config
 * @Date: 2020/12/24 0024 23:05
 * @Author: wfg
 * @Description:
 * @Version:
 */
@Configuration
public class ShiroConfig {


    @Bean
    public SecurityManager securityManager(MyRealm2 myRealm){
        DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
        securityManager.setRealm(myRealm);
        return  securityManager;
    }

    /**
     * realm 来完成我们的认证和授权
     * @return
     */
    @Bean
    public MyRealm2 myRealm(){
        return new MyRealm2();
    }

    /**
     * ShiroFilterFactoryBean 相当于规则过滤器
     * 比如什么样的请求可以通过,什么样的规则不能通过
     * @return
     */
    @Bean
    public ShiroFilterFactoryBean shiroFilterFactoryBean(SecurityManager securityManager){
        ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();
        shiroFilterFactoryBean.setSecurityManager(securityManager);
        //登录请求跳转的地址
        shiroFilterFactoryBean.setLoginUrl("/");
        //配置登录成功后的跳转地址
        shiroFilterFactoryBean.setSuccessUrl("/sucess");
        //配置没有权限的时候跳转的地址
        shiroFilterFactoryBean.setUnauthorizedUrl("/noPermission");
        /**
         * 配置权限拦截规则
         */
        Map<String,String> filterChainMap = new LinkedHashMap<>();
        //配置login请求不需要进行登录验证, anon表示不需要进行登录验证
        filterChainMap.put("/login","anon");
        //配置退出登录,清空当前用户的session信息
        filterChainMap.put("/logout","logout");
        //配置admin开头的所有请求需要进行登录认证,authc 表示登录认证
        //roles[admin]表示所有admin开头的请求,需要有admin角色才可以
        //filterChainMap.put("/admin/**","authc,roles[admin]");
        //配置user开头的所有请求需要进行登录认证,authc 表示登录认证
        //filterChainMap.put("/user/**","authc,roles[user]");
        //配置剩余的所有请求全部需要进行登录认证(注意这个必须写在最后面),可选配置
        //filterChainMap.put("/**","authc");
        shiroFilterFactoryBean.setFilterChainDefinitionMap(filterChainMap);
        return shiroFilterFactoryBean;
    }

    /**
     * 开启shiro注解支持(例如@RequiresRoles()和@RequiresPermissions())
     * shiro的注解需要借助spring的aop来实现
     * @return
     */
    @Bean
    public DefaultAdvisorAutoProxyCreator advisorAutoProxyCreator(){
        DefaultAdvisorAutoProxyCreator advisorAutoProxyCreator = new DefaultAdvisorAutoProxyCreator();
        advisorAutoProxyCreator.setProxyTargetClass(true);
        return advisorAutoProxyCreator;
    }

    /**
     * 开启spring的aop注解支持
     * @param securityManager
     * @return
     */
    @Bean
    public AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor(SecurityManager securityManager){
        AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor = new AuthorizationAttributeSourceAdvisor();
        authorizationAttributeSourceAdvisor.setSecurityManager(securityManager);
        return authorizationAttributeSourceAdvisor;
    }


































}
